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(54) Process for protecting personal identification data in a network by associating substitute 
identifiers 



(57) A process which provides confidentiality over 
an Internet or intranet network by associating to a main 
email account, a set of one or more substitute accounts 
which are automatically generated, maintained and de- 
leted. More particularly, there is provided a process for 
processing an electronic email message which compris- 
es the steps of: 

detecting (31) the occurrence of a predetermined 
condition existing within said email generated by 
one main email account; 

in response to said detection, creating (34) a sub- 
stitute email account to be used in lieu of said elec- 
tronic message; 

transmitting (35) said electronic message with the 
references to said substitute email account to said 
recipient. 
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Description 

Technical field of the invention 

[0001] The invention relates to telecommunications 
and more particularly to a process for protecting person- 
al references or identification data against misuse. 

Background art 

[0002] The constant progress of the Information Han- 
dling System (I.H.S.) technology and that of the com- 
munication systems, particularly with the explosion of 
the Internet and intranet networks, have resulted in the 
development of an era of information and services. With 
asinglecomputer, one individual is offered direct access 
to a highly effective communication tool as well as ac- 
cess to a wide range of information and services. 
[0003] Electronic mail has become one prominent 
part of the Internet communication tools. By sharing 
one's personal address, an individual is given the pos- 
sibility to communicate and to instantaneously transmit 
and receive information throughout the world. As in oth- 
er areas of the human activities, a technical break- 
through - while offering new freedom to the public, is 
rapidly accompanied by a number of deviations and mis- 
uses are perceived as an obstacle to the widespead up- 
take of the tool. 

[0004] One particular such misuse which web con- 
sumers are concerned about results from the diffusion 
of their personal identification references, particularly 
their email addresses, throughout the Internet network. 
Most commercial companies have found a strong inter- 
est in collecting their customer's personal identification 
references and gathering them as valuable data which 
they might use for many different purposes or commu- 
nicate on a financial basis to other entities and commer- 
cial organizations. As a consequence, it is not rare that 
when a customer subscribes to a new service or com- 
pletes a transaction on the Internet network, they also 
receive a large number of unsolicited commercial sub- 
missions and offers. While a customer would be free to 
walk and gather commercial information in a commer- 
cial fair without exposing his or her personal identifica- 
tion data and references, the new Internet consumer is 
more often than not invited to leave behind them an 
email address when showing some interest in any par- 
ticular product or service displayed on the web. 
[0005] As a consequence, e-commerce consumers 
are faced with an increasing number of electronic mails 
reaching their mailbox, including many unsolicited busi- 
ness and commercial offers. 

[0006] It is thus highly desirable thatthe web consum- 
er be able to keep some control on the use of personal 
information, and specifically their email address. 
[0007] Some proficient users have found a partial so- 
lution by using multiple email addresses and accounts, 
that are each reserved for particular areas of activities 



and types of transactions. This divides the problem and 
reduces the number of unsolicited electronic mail reach- 
ing any one mailbox. The problem is, however, not elim- 
inated with this method which, further, is quite cumber- 
5 some and reserved to web consumers that are well 
versed in the use of computers and comfortable with the 
settings of electronic mail software. 

Summary of the invention 

10 

[0008] This invention provides a process for protect- 
ing personal references or identification data in a trans- 
action or communication with a network, which compris- 
es the steps of: 

15 

detecting the potential use of said personal refer- 
ence and identification data; 
in response to said detection, obtaining a substitute 
set of references; 
20 - transmitting said substitute said of references in 
place of said personal references and identification 
data to said recipient. 

[0009] Preferably, the personal reference is a email 
25 address and the process involves the steps of 1 . iden- 
tifying a new email account associated with a new email 
reference in response to the detection of said potential 
use, and 2. transmitting said new email reference to the 
network. 

30 [0010] In one embodiment, the detection of the poten- 
tial use of the personal reference is made within an 
SMTP session - based on the detection of predeter- 
mined words existing in a email message or one the ac- 
tuation of a specific icon or menu item by the user. In 

35 other embodiments, the detection is achieved within an 
HTTP session forthe purpose of protecting the informa- 
tion transmitted via a web browser. 
[0011] In at least some specific embodiments, there 
confidentiality of the messages transmitted through the 

40 internet network in enhanced by automatically associ- 
ating one or more substitute email accounts with one 
main email account. Thus a process for processing an 
electronic message is provided which involves the steps 
of: 

45 

detecting the occurrence of a predetermined condi- 
tion existing within said email generated by one 
main email account; 

in response to said detection, creating a substitute 
50 email account to be used in lieu of said electronic 
message; 

transmitting said electronic message with the refer- 
ences to said substitute email account to said recip- 
ient. 

55 

[0012] The substitute email account can be created 
with an auto-forward option being activated so that any 
response will be forwarded to the originating main email 
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account. 

[0013] The SMTP server can be arranged to scan 
each email being transmitted by the user and to auto- 
matically detect some predefined words, such as "SUB- 
SCRIBE", or "SUBSCRIPTION" etc... In responsetothe 
detection of such a word, a substitute email account is 
automatically generated. 

[0014] Alternatively, the creation of the substitute 
email account can be controlled by the actuation, in the 
mailing software, of one specific key requesting the ac- 
tivation of a Restricted Diffusion Email Address (RDEA) 
feature. 

[0015] The process can be adapted to be incorporat- 
ed within a STMP server which scans the emails to be 
forwarded outside an intranet network. Preferably, the 
SMTP server also detects the occurrence of words such 
as UNSUBSCRIBE or UNSUBSCRIPTION for the pur- 
pose of automatically deleting the corresponding sub- 
stitute email accounts. 

[0016] In this way, there is provided an easy and ef- 
fective way of keeping control of the diffusion of elec- 
tronic addresses throughout the Internet. It is even 
made possible to track the different in-coming mails and 
to determine from which first email the corresponding 
substitute email account was created. Preferably, there 
is also provided an effective Graphical User Interface 
which allows easy management of the different substi- 
tute accounts, thereby providing easy deactivation, ac- 
tivation of the option, and even status like HOLD which 
temporary deactivates the auto-forward option of the 
corresponding substitute email account. 
[0017] The invention is well adapted to implementa- 
tion within email software or web browsers, thus in- 
creasing the confidentiality and preventing misuse of a 
main email address as the customer is surfing the Inter- 
net or exchanging email notes. 

Description of the drawings 

[0018] An embodiment of the invention will now be de- 
scribed, by way of example only, with reference to the 
accompanying drawings, wherein: 

Figure 1 illustrates atypical environment where the 
invention can be embodied. 

Figure 2 illustrates the general process achieving 
protection of the personal reference or private iden- 
tification data. 

Figure 3 illustrates the use of the general process 
in a SMTP session. 

Figure 4 illustrates the exchange of messages be- 
tween the originating email account, the substitute 
account and the external recipient of the message 
in the SMTP session. 



Figure 5 shows the process executed by the agent 
within the SMTP server when a substitute email ac- 
count has to be discarded 

5 Figure 6 illustrates a second embodiment achieving 

protection of private reference data in a SMTP ses- 
sion. 

Figure 7 illustrates the SMTP process in the second 
10 embodiment of figure 6. 

Figure 8 illustrates the use of the general process 
of figure 2 in a HTTP session. 

15 Figure 9 illustrates the exchange of messages be- 

tween the web browser and the HTTP proxy in the 
second embodiment. 



[0019] With respect to figure 1 there is illustrated a 
typical network environment - a corporate environment 
based on a intranet network 2 which communicates with 

25 an internet network 1 . Communication between the in- 
tranet network and the internet network 1 is achieved 
via a computer 4 serving as a Proxy and also hosting 
an SMTP server for the outgoing mail. For the sake of 
illustration only, the intranet network is shown to include 

30 two computers, respectively computers 5 and 8, a serv- 
er 6, a printer 7 and a router 9. 

[0020] The SMTP server is associated with a POP 
server (not represented in the figure) which provides to 
each individual within the intranet network an email soft- 

35 ware facility for communicating both inside and outside 
the intranet network, for instance with a computer or 
server 3. It should be noticed that, in accordance with 
the different configurations of the intranet network, dif- 
ferent SMTP servers may be arranged for supporting 

40 the email distribution service. 

[0021] Computers 5 or 8 are fitted with communica- 
tion circuitry and software providing a TCP/IP commu- 
nication stack for supporting the communication layers 
which are involved in the communication steps of the 

45 process described herein. In most cases, access to the 
Internet network is achieved via the World Wide Web 
via the well-known Hyper Text Transfer Protocol (HT- 
TP), which is provided by means of an information ac- 
cess/management tool such as a browser (not shown in 

50 figure 1 ), for instance Netscape (manufactured by Net- 
scape Inc.), or Internet Explorer (manufactured by Mi- 
crosoft Corporation of Redmond, Washington, USA). 
The browser provides access to web servers and con- 
stitutes the heart of the interaction between the latter 

55 and the user's machine. While HTTP is very useful, par- 
ticularly because it is well adapted to the use of firewalls, 
any other suitable protocol allowing communication via 
the network can be used. The computer is also fitted 
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with a email communication tool, such as such as Out- 
look Express or Outlook marketed by Microsoft Corp. 
which is used for transmitting and receiving electronic 
mail. 

[0022] Figure 2 illustrates the general principle of the 
process which achieves protection of private personal 
references and identification data. Specifically, the proc- 
ess will be considered in relation to the protection of an 
email address, although the process may be adapted to 
the protection of any kind of personal and private refer- 
ences. 

[0023] The automatic representation process is 
launched with a step 21 which consists in the detection 
of a predefined event, condition or criterion. Clearly, any 
type of condition may be used, such as the detection of 
specific words or access to specific files. In some em- 
bodiments, a condition might consist in the use of par- 
ticular information that is recorded in one or more profile 
files registered within the system as being sensitive. 
[0024] In a step 22, following the detection of the pre- 
defined condition, a set of substitute personal referenc- 
es are created without involvement of the user. 
[0025] Once created, the substitute personal refer- 
ences are used for arranging an alternate communica- 
tion channel which is used for performing a transaction. 
Thus, in a step 23, the process then substitutes the orig- 
inal personal reference, in this example the email ad- 
dress, and uses a substitute email address for the pur- 
pose of the transmission of electronic mail. 
[0026] The transaction, information or email resulting 
from the substitution of the private references is proc- 
essed in a step 24 and a further substitution occurs for 
the purpose of reestablishing the original personal ref- 
erence so that the process remains fully transparent to 
the user. 

[0027] The relation between the original private infor- 
mation and the substitute information is stored within a 
database which is created and maintained by the sys- 
tem. The process of figure 2 can be used in a wide 
number of situations and achieves automated replace- 
ment of the private reference by substitute references 
which are systematically used and maintained under 
control of the user. Effective protection of SMTP, HTTP, 
NNTP and generally any kind of transaction and com- 
munication environment can be achieved. 
[0028] There will now be described the use of this 
technique for the protection of an SMTP session, and 
particularly an email address. Two particular embodi- 
ments, respectively illustrated in figure 3-4 and 5-6 will 
be discussed. 

[0029] The first embodiment is illustrated in figures 3 
and 4. There is provided a process which is preferably 
performed within an SMTP server, without the need to 
change the individual email software that is installed 
within the computers. For this purpose an agent is in- 
stalled in the SMTP server that allows control to be kept 
on the use and the diffusion of personal identity refer- 
ences, and particularly the email address. The agent 



provides for automatic creation and management of 
substitute email accounts associated with the user's 
main personal email account. 

[0030] The first embodiment of the SMTP session will 
5 now be described with reference to figure 3 which shows 
the process that is executed by the agent within the 
SMTP server. 

[0031] In a step 31 , the process is launched upon the 
detection of a predetermined criterion concerning a par- 

10 ticular email. In the embodiment described, the criterion 
is linked to the detection of the words "SUBSCRIBE" or 
"SUBSCRIPTION" in the originating email indicating 
that the user is going to transmit some personal data - 
and particularly the email address - to a third party. 

15 Clearly, detection of these particular words is merely 
one example and the process may be adapted to detect 
any other suitable events for the purpose of launching 
the process of figure 3. 

[0032] This can be achieved, for instance, by detect - 
20 ing the searched word within the SUBJECT field within 
the text file containing the note, as in the following: 

X-Mailer: Sendmail 
MIME-version: 1 .0 
25 Content-type: text/plain 

To: mailto:emdebian-discuss-equest@ lists. source- 
forge, net 

Sender: Myself@mycorporate.com 
Date: Sun ; 24 Jun 2001 12:01 :40 -0700 
30 Subject: subscribe 
End of Mail 

[0033] This detection is carried out when the STMP 
server receives the outgoing mail, as illustrated on the 

35 figure 4 with reference to arrow 41 . 

[0034] Upon detection of the particular criterion, the 
SMTP server executes a test in a step 32 to determine 
whether a substitute account already exists in the data- 
base of the substitute accounts that has been already 

40 assigned to the particular destination defined by the 
originating email. If this is the case, then the process 
proceeds to a step 33 where the preexisting substitute 
account is identified and the process will then go to step 
35. While this is not the preferred embodiment, the user 

45 may be given the possibility, by means of a pop-up win- 
dow for instance, to choose a substitute account for re- 
directing the original mail. However, in the preferred em- 
bodiment, it is assumed that most users do not wish to 
be concerned with this mechanism and that confidenti- 

50 ality should be provided without requiring manual inter- 
vention. 

[0035] If no email account is already assigned to the 
considered destination, then the process automatically 
creates a substitute email account in a step 34 for the 
55 purpose of preserving the confidentiality of the originat- 
ing email address, or at least for allowing control of the 
use of the email transmitted by the user. More generally, 
the SMTP server is associated with a database of sub- 
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stitute accounts which is continuously maintained in ac- 
cordance to the users' requirements. Clearly many em- 
bodiments can be arranged for step 34 for creating this 
new email-account. In a corporate environment, the 
email-accounts can be internally handled at the level of 
the SMTP server while, in another embodiment, the new 
account can be created by an external Internet Service 
Provider by means of the agent running within the 
SMTP. For this purpose, the agent may generate an ap- 
propriate GET REQUEST command in accordance with 
the well known Hyper Text Transfer Protocol (HTTP) 
standard and to fill-in a form for the purpose of creating 
the substitute mailbox. In an UNIX environment, one 
embodiment, the new substitute account could be di- 
rectly created in an UNIX environment in response to a 
new creation of a new user. Preferably, the generation 
of the new substitute accounts will follow a general pol- 
icy or set of rules forthe definition of the email identifiers. 
Indeed, it can be advantageous to define whether or not 
some personal identification data should be left within 
the new substitute accounts or should be automatically 
deleted. Once created, the new substitute account is 
configured with an auto-forward option so that incoming 
mail will be automatically transferred to the originating 
email account. Referring to figure 4, it can be seen that 
the creation of the substitute account is illustrated is rep- 
resented by arrow 42. 

[0036] It should be apparent that, as an alternative, 
the process may also invite the user, before creating the 
new account in accordance with step 34, to use a al- 
ready existing account assigned to a different destina- 
tion. 

[0037] I n a step 35, the SMTP server generates a new 
mail, based on the newly created (step 34) or one pre- 
existing (step 33) account, and this new mail is then 
transmitted to the particular destination defined by the 
user - for instance server 3 in figure 1 - with the identi- 
fication references of the substitute account. In one par- 
ticular embodiment, the substitute email is directly gen- 
erated by the SMTP server (illustrated by the dotted line 
of arrow 42 in figure 4) and transmitted to the appropri- 
ate destination while, alternatively, the SMTP server 
may control the substitute mailbox handled by an exter- 
nal Internet Service Provider - and specifically activates 
the auto-forward function - so that the latter can directly 
control the transmission of the substitute email to the 
appropriate destination. 

[0038] The subscription mail is received by the desti- 
nation and processed accordingly. If a response is pro- 
vided, the latter will reach the substitute mailbox and will 
be forwarded in a step 36 to the originating email ac- 
count be means of the auto-forward option (represented 
by arrow 44 in figure 4). When received by the SMTP 
server in a step 37, the response is processed for the 
purpose of substituting the email references contained 
in the email by modifying the SenderT\e\6 within the elec- 
tronic envelope. 

[0039] The processed email is received by the origi- 



nating mail box, and this is also illustrated by arrow 45 
in figure 4. 

[0040] In addition to the substitution of the email ref- 
erences, the SMTP server may optionally flag the in- 

5 coming mail with an indication of associated substitute 
account. More specifically the email can be enriched 
with additional information such as a reference to the 
first email note which resulted in the generation of the 
corresponding substitute mail. This would permit the us- 

10 er to easily track any use and misuse of the personal 
data he/she provides to a commercial organization. 
[0041] Figure 5 shows the process executed by the 
agent within the SMTP server when a substitute email 
account has to be discarded. This is automatically 

15 achieved, based for instance on a detection step 51 of 
the word "UNSUBSCRIBE", or "UNSUBSCRIPTION" or 
any other equivalent words. Upon detection of such 
words within the email, the process then goes to a step 
52 to determine whether the recipient identified by the 

20 user is already associated with an existing substitute ac- 
count, in which case the corresponding account is de- 
stroyed in a step 53. If the account has already been 
destroyed, then the process completes in a step 54. This 
therefore allows an easy and effective management of 

25 the substitute accounts as there are continuously creat- 
ed, maintained, and deleted from the list of substitute 
accounts handled by the SMTP server. 
[0042] With respect to figure 6 and 7 there will now be 
described a second embodiment of the protection of the 

30 SMTP session. This is achieved by offering a new en- 
hanced function to the user within the email software, 
which will be referred herein to as a Restricted Diffusion 
Email Address (RDEA) facility. In this embodiment, the 
function is associated with a specific icon which is dis- 

35 played to the user and which allows them to control how 
the mail will be transmitted to any given recipient. 
[0043] As shown in figure 6, the process starts with a 
step 61 for determining whether the SMTP server is 
ready to accept the new RDEA command. This can be 

40 achieved when the email account is being installed with- 
in the mail software or when the software is being 
launched, particularly after the issuance of the EHLO 
command requesting the SMTP to provide the number 
of commands which it can accept. 

45 [0044] If the test of step 61 succeeds, then the proc- 
ess running in the mail software executes a step 62 
where the user is invited to activate the Restricted Dif- 
fusion Email Address feature upon completion of the 
preparation of an email, be it a email for service sub- 

50 scription or any ordinary email. 

[0045] A test is performed in a step 63 to determine 
whether or not the user has activated the corresponding 
RDEA icon. If the RDEA icon is not activated, then the 
process goes to a step 64 which is the normal process- 
es jng of the electronic mail. 

[0046] Conversely, if the user actuates the RDEA 
icon, then the process proceeds with a step 65 where a 
specific ANONYMIZE command is inserted within the 
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electronic mail. 

[0047] The process then transmits the email to the 
SMTP server in a step 66 so that the latter can process 
it in accordance with the process of figure 3 and, possi- 
bly, create a substitute email account. 
[0048] With reference to figure 7, there is now de- 
scribed the process which is executed within the SMTP 
server for the purpose of processing the email contain- 
ing the ANONYMIZE command. 
[0049] The process is launched with a step 71 which 
is a test to determine whether the email envelope con- 
tains the ANONYMIZE command. 
[0050] If this command is not detected, then the proc- 
ess processes the mail in conventional manner. 
[0051] If the command is detected, the SMTP server 
executes a test in a step 73 to determine whether a sub- 
stitute account already exists in the database of the sub- 
stitute accounts and is already assigned to the particular 
destination defined by the email. If so, then the process 
proceeds to a step 74 where one preexisting substitute 
account is being considered and the process will then 
go to a step 76. 

[0052] If no email account is already assigned to the 
considered destination, then the process automatically 
creates a substitute email account in a step 75. As be- 
fore, the process can also invite the user, before creating 
the new account in accordance with step 75, to use a 
already existing account assigned to a different destina- 
tion. 

[0053] In a step 76, the SMTP generates a new email 
and this new email is then transmitted to the particular 
destination defined by the user - for instance server 3 in 
figure 1 - with the identification references of the substi- 
tute account. In some embodiments, the substitute 
email is directly generated by the SMTP server and 
transmitted to the appropriate destination while, alterna- 
tively in other embodiments, the SMTP server may con- 
trol a substitute mailbox handled by an external Internet 
Service Provider to control the transmission of the sub- 
stitute email to the destination. 

[0054] The subscription mail is received by the desti- 
nation and processed accordingly. If a response is pro- 
vided, the latter will be sent to the substitute mailbox in 
a step 77 and will be forwarded to the originating email 
account after a substitution step 78 to restore the origi- 
nal personal references. 

[0055] With reference to 8 there will now be described 
how the process of figure 2 can be applied to the pro- 
tection of an HTTP session. In this situation, the web 
browser, such as Internet Explorer of Microsoft can be 
adapted in order to provide the detection of a predeter- 
mined condition which will result in the execution of the 
substitution process of the personal references or iden- 
tification data of the user. 

[0056] As described above, the detection of the par- 
ticular event which causes the substitution of the per- 
sonal references can be based on various elements, 
and many embodiments of the invention are possible. 



Preferably, the web browser is enriched with additional 
software instructions for performing the following proc- 
ess. 

[0057] In a step 81 , similarly as in step 31 of figure 3 ; 
5 the process detects the occurrence of a predetermined 
condition, such as, for instance, the fact that the user is 
typing an email address or personal reference which is 
detected to be included in some sensitive files or private 
profiles. In this event, a pop-up window is displayed to 
10 the user in order to inform the latter that they may acti- 
vate the RDEA feature. Alternatively, the web browser 
may be enriched with an additional icon or menu item 
for controlling the execution of the RDEA facility via the 
incorporation of a new ANONYMIZE command within 
15 the HTTP header. 

[0058] Upon detection of the predefined, the SMTP 
server executes a test in a step 82 to determine whether 
a substitute account already exists in the database of 
the substitute accounts and was already assigned to the 
20 particular destination defined by the originating email. If 
this is the case, then the process proceeds to a step 83 
where a preexisting substitute account is identified and 
the process proceeds to a step 85. 
[0059] If no email account is already assigned to the 
25 considered destination, then the process automatically 
creates a substitute email account in a step 84 which, 
in accordance with the particular embodiment, may be 
handled within the intranet network or even provided by 
an external web server. As previously, the auto-forward 
30 option is activated. 

[0060] In a step 85, the web browser accesses the da- 
tabase containing the substitute reference to be used in 
place of the original reference and then posts the infor- 
mation to the server. 
35 [0061] Once received in a step 86, the response is 
processed and, any reference to the substitute refer- 
ence is deleted in a step 87 forthe purpose of maintain- 
ing transparency to the user. 

[0062] Figure 9 shows the different messages which 
40 are exchanged between the web browser, the proxy and 
the remote server. Arrow 91 illustrates the message 
from the web browser to the proxy. In response to the 
detection of the email address, the proxy creates a new 
mailbox with a substitute address - the reference of 
45 which is incorporated within the database of substitute 
addresses - and this is illustrated by the interaction 
shown with respect to arrow 92. Further, the proxy is- 
sues a modified HTTP post which carries the reference 
to the newly created email box, and this is illustrated by 
50 arrow 93. The answer provided by the remote server is 
illustrated by arrow 94 and, correspondingly, the proxy 
issues a modified response to the web browser which 
is illustrated by arrow 95. 

[0063] In one embodiment, the process is executed 
55 within a proxy which interfaces the information between 
the web browser and the server on the web, so that the 
web browser requires no particular adaptation to fit the 
process. Alternatively, the proxy can be embodied as a 
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DCOM object within the web browser for the purpose of 
implementing the above described mechanism. 
[0064] It can be seen that, due to the creation of the 
new email account and to the substitution mechanism 
which is automatically provided, when the server re- 
sponds, the email is first transmitted to the appropriate 
substitute address and is then forwarded to the main ad- 
dress of the user who is then guaranteed that their per- 
sonal email address is not transmitted. Moreover, the 
above described techniques provide the user with a way 
to reduce the number of unsolicited emails they receive 
simply by eliminating one or more substitute email ac- 
counts; In preferred embodiments, this can be achieved 
by means of a general management software tool which 
provides, upon request of the user, a list of the different 
substitute addresses in use and allows the status to 
each substitute address to be switched, for instance, be- 
tween ENABLE, DISABLE and HOLD states, the latter 
being associated with a temporary deactivation of the 
auto-forward option of the substitute mail box. In this 
case, assuming thatthe user wishes to reduce for some 
time the number of electronic mails, they are given the 
possibility to temporarily disable any one particular sub- 
stitute mailbox. This results in the incoming mail simply 
being stored as long as the user keeps it in the HOLD 
status. 

[0065] In preferred embodiments, the control of the 
different status of the substitute mailboxes is achieved 
via a Graphical User Interface (GUI) allowing easy con- 
trol of each substitute mail box. The process may even 
be enriched with a tracking feature which permits to dis- 
play each incoming mail with a reference to the corre- 
sponding substitute email account. 
[0066] While the process was particularly described 
in reference to the arrangement of a Restricted Diffusion 
Email Address feature in a corporate environment 
based on an intranet network, it should be clear that the 
techniques described may easily be adapted to any type 
of configuration, and particularly to that of an Internet 
Service Provider in order to enable the provision of add- 
ed value services to their customers by offering them 
confidential access. 



Claims 

1 . Process for protecting personal references or iden- 
tification data in a transaction or communication 
with a network, said process comprising the steps 
of: 

detecting (21 ) the potential use of said personal 
reference or identification data; 
in response to said detection, obtaining (34) a 
substitute set of references 
transmitting to said recipient (35) said substi- 
tute said of references in place of said personal 
references or identification data. 



2. Process according to claim 1 wherein said personal 
reference is a email address and wherein said proc- 
ess involves the steps of: 

5 - identifying an email account associated with a 

new email reference in response to the detec- 
tion of said potential use; 
transmitting said created email reference to the 
network. 

10 

3. Process according to claim 2 wherein said detection 
is performed within an SMTP session. 

4. Process according to claim 3 wherein said detection 
15 is based on the detection of predetermined words 

existing in an email message. 

5. Process according to claim 3 wherein said detection 
is initiated by a specific icon or menu item being ac- 

20 tuated by the user. 

6. Process according to claim 2 wherein said detection 
is performed within an HTTP session for the pur- 
pose of modifying said personal reference. 

25 

7. Process according to claim 6 wherein said detection 
is based on the detection of predetermined words 
which are likely to be posted to a web server. 

30 8. Process according to claim 6 wherein said detection 
is based on the actuation of a specific icon or menu 
item by the user. 

9. Process for processing an email generated by a 
35 main email account to be transmitted to a given re- 
cipient through an Internet network or an intranet 
network, said process involving the steps of: 

detecting (31) the occurrence of a predeter- 
40 mined condition existing within said email; 

in response to said detection, creating (34) a 
substitute email account to be used in lieu of 
said main email account; 
transmitting (35) said electronic message to 
45 said recipient with references to said substitute 

email account.. 

10. Process in accordance with claim 9 wherein said 
substitute account is generated with an auto-for- 

50 ward option being activated for the purpose of for- 
warding any responseto said originating main email 
account. 

11. Process in accordance with claim 9 wherein said 
55 detection is achieved by means of the detection of 

a given set of words existing within said electronic 
messages. 



40 



45 
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12. Process in accordance with claim 11 wherein the 
substitute email account is created upon detection 
of the words SUBSCRIBE or SUBSCRI PTION with- 
in said email. 

13. Process in accordance with claim 9 wherein said 
predetermined condition corresponds to the actua- 
tion by the user of a predetermined icon corre- 
sponding to a Restricted Diffusion Email Address 
feature. 

14. Process in accordance with claim 9 executed in a 
SMTP server. 

15. Process in accordance with claim 11 executed in a 
SMTP server comprising detecting the occurrence 
of the words "UNSUBSCRIBE" or "UNSUBSCRIP- 
TION" for the purpose of controlling the deletion of 
said substitute email account. 

16. Process in accordance with anyone of the preced- 
ing claims comprising tracking any electronic mail 
coming from said substitute account for the purpose 
of displaying it to the user with a reference to said 
main email account. 

17. Process in accordance with claim 10 comprising: 

maintaining a database of the different substi- 
tute email accounts that are created and with a 
corresponding status associated with an auto- 
forward option, 

displaying to the userthe set of substitute email 
accounts, and the corresponding status; 
changing said status in response to an action 
from said user; 

correspondingly changing the auto-forward op- 
tion associated with one particular substitute 
email address. 

18. Process in accordance with claim 17 wherein each 
of said substitute accounts is associated with a sta- 
tus ENABLE, or DISABLE or HOLD. 

19. Mail software computer program comprising pro- 45 
gram code elements for performing anyone of the 
processes of claims 1 to 5 and 9 to 18. 

20. Web browser computer program comprising pro- 
gram code elements for performing anyone of the so 
processes of claims 6 to 8. 

21. SMTP server computer program comprising pro- 
gram code elements for performing anyone of the 
processes of claims 9 to 1 8. 55 
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Fig. 6 . SMTP protection 
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